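/// <summary>
/// Authenticates a user against the USERS / OU_USERS tables and passes the
/// matching rows to <c>InitData</c>.
/// </summary>
/// <remarks>
/// The supplied plaintext password is converted with
/// <c>SecurityCalculate.PwdCalculate</c> and compared to USERS.USER_PWD inside
/// the query itself. Exceptions propagate to the caller with their original
/// stack trace.
/// </remarks>
/// <param name="strUserValue">Value that identifies the user (matched against the column named by <paramref name="eunmValueType"/>).</param>
/// <param name="eunmValueType">Kind of identifier held in <paramref name="strUserValue"/>; its name is used as the USERS column name.</param>
/// <param name="strPwdTypeGuid">Password type used by the user; when empty, no PWD_TYPE_GUID filter is added.</param>
/// <param name="strUserPwd">Login password in plaintext, converted before comparison.</param>
private void InitLogOnUserInfo(string strUserValue, LogonType eunmValueType, string strPwdTypeGuid, string strUserPwd)
{
    // Null-safe emptiness check: the previous strUserValue.Trim() call raised a
    // NullReferenceException on null instead of the intended validation error.
    ExceptionHelper.TrueThrow(strUserValue == null || strUserValue.Trim().Length == 0, "对不起,没有确定的用户登录信息!");
    _StrUserLogOnName = strUserValue;

    string strPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strUserPwd);

    // NOTE(review): every value below reaches the SQL text through string
    // concatenation and depends entirely on TSqlBuilder.CheckQuotationMark for
    // quoting. The computed password value also becomes part of the statement
    // text. Prefer bound parameters if the Database wrapper supports them.
    // The column name comes from an enum member name, not from caller text.
    string strOriginal =
        " SELECT OU_USERS.PARENT_GUID, OU_USERS.USER_GUID, OU_USERS.DISPLAY_NAME, OU_USERS.OBJ_NAME," +
        " OU_USERS.ALL_PATH_NAME, OU_USERS.INNER_SORT, OU_USERS.GLOBAL_SORT, OU_USERS.ORIGINAL_SORT," +
        " OU_USERS.SIDELINE, OU_USERS.START_TIME, OU_USERS.END_TIME, USERS.LOGON_NAME, OU_USERS.DESCRIPTION," +
        " USERS.RANK_CODE, RANK_DEFINE.SORT_ID, RANK_DEFINE.NAME, RANK_DEFINE.VISIBLE" +
        " FROM OU_USERS, USERS LEFT JOIN RANK_DEFINE ON USERS.RANK_CODE = RANK_DEFINE.CODE_NAME" +
        " WHERE OU_USERS.USER_GUID = USERS.GUID" +
        " AND USERS." + TSqlBuilder.Instance.CheckQuotationMark(eunmValueType.ToString(), false) +
        " = {0} {1} {2}" +
        " AND OU_USERS.STATUS = 1" +
        " AND DATEDIFF(DAY, OU_USERS.START_TIME, GETDATE()) >= 0" +
        " AND DATEDIFF(DAY, GETDATE(), OU_USERS.END_TIME) >= 0 ";

    // {0} = user identifier, {1} = password predicate, {2} = optional password-type predicate.
    string strPwdTypeFilter = strPwdTypeGuid == string.Empty
        ? string.Empty
        : " AND USERS.PWD_TYPE_GUID = " + TSqlBuilder.Instance.CheckQuotationMark(strPwdTypeGuid, true);

    string strSql = string.Format(
        strOriginal,
        TSqlBuilder.Instance.CheckQuotationMark(strUserValue, true),
        " AND USERS.USER_PWD = " + TSqlBuilder.Instance.CheckQuotationMark(strPwd, true),
        strPwdTypeFilter);

    using (DbContext context = DbContext.GetContext(CommonResource.AccreditConnAlias))
    {
        Database database = DatabaseFactory.Create(context);

        // First attempt: credentials must match and POSTURAL must not be 1.
        DataSet ds = database.ExecuteDataSet(CommandType.Text, strSql + " AND USERS.POSTURAL <> 1 ");

        if (ds.Tables[0].Rows.Count > 0)
        {
            SetImpersonateUser();

            // Presumably SetImpersonateUser may replace _StrUserLogOnName; when the
            // name differs, that account is loaded instead.
            // NOTE(review): this second query carries neither the password predicate
            // nor the POSTURAL filter - confirm that loading a POSTURAL = 1 account
            // this way is intended.
            if (_StrUserLogOnName != strUserValue)
            {
                strSql = string.Format(
                    strOriginal,
                    TSqlBuilder.Instance.CheckQuotationMark(_StrUserLogOnName, true),
                    string.Empty,
                    string.Empty);
                ds = database.ExecuteDataSet(CommandType.Text, strSql);
            }
        }
        else
        {
            // Credentials that match only once the POSTURAL filter is dropped are
            // reported as a disabled account.
            DataSet posDS = database.ExecuteDataSet(CommandType.Text, strSql);
            ExceptionHelper.TrueThrow(posDS.Tables[0].Rows.Count > 0, "对不起,您的帐号[" + strUserValue + "]目前被禁用了!\n\n请联系管理员!");
        }

        // When nothing matched at all, ds is empty here; how InitData reports that
        // is not visible in this block.
        InitData(ds);
    }
}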
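/// <summary>
/// Changes a user's password after verifying the old one.
/// </summary>
/// <remarks>
/// The old-password check and the write happen in a single UPDATE statement
/// inside a transaction scope: the row is updated only when the stored
/// USER_PWD equals the converted old password.
/// </remarks>
/// <param name="strUserValue">Value that identifies the user whose password is changed.</param>
/// <param name="socu">Kind of identifier held in <paramref name="strUserValue"/>.</param>
/// <param name="strOldPwd">The user's current password.</param>
/// <param name="strNewPwd">The new password.</param>
/// <param name="strConfirmPwd">Confirmation of the new password; must equal <paramref name="strNewPwd"/>.</param>
/// <returns><c>true</c> when the password was changed; every failure is raised through <c>ExceptionHelper</c>.</returns>
public bool UpdateUserPwd(string strUserValue, SearchObjectColumn socu, string strOldPwd, string strNewPwd, string strConfirmPwd)
{
    // Null-safe emptiness check: the previous strNewPwd.Trim() call raised a
    // NullReferenceException on null instead of the intended validation error.
    ExceptionHelper.TrueThrow(strNewPwd == null || strNewPwd.Trim().Length == 0, "对不起,用户的登录口令不能为空!");
    ExceptionHelper.FalseThrow(strNewPwd == strConfirmPwd, "对不起,用户的“新口令”必须与“确认口令”一致!");

    using (TransactionScope scope = TransactionScopeFactory.Create())
    {
        using (DbContext context = DbContext.GetContext(CommonResource.AccreditConnAlias))
        {
            Database database = DatabaseFactory.Create(context);
            string strUserColName = OGUCommonDefine.GetSearchObjectColumn(socu);

            // NOTE(review): statements are assembled by string concatenation and rely
            // on TSqlBuilder.CheckQuotationMark for quoting. Prefer bound parameters
            // if the Database wrapper supports them.
            // One batch, two result sets: [0] the matching user GUID(s),
            // [1] the first visible password algorithm by SORT_ID.
            string strSql = @"SELECT USERS.GUID FROM USERS, OU_USERS WHERE USERS.GUID = OU_USERS.USER_GUID AND "
                + DatabaseSchema.Instence.GetTableColumns(strUserColName, "USERS")
                + " = "
                + TSqlBuilder.Instance.CheckQuotationMark(strUserValue, true)
                + @"; SELECT TOP 1 GUID FROM PWD_ARITHMETIC WHERE VISIBLE = 1 ORDER BY SORT_ID;";

            DataSet ds = database.ExecuteDataSet(CommandType.Text, strSql);

            // NOTE(review): "user not found" and "old password incorrect" are distinct
            // messages, so a caller can tell whether an identifier exists. Confirm
            // this is acceptable for the callers of this method.
            ExceptionHelper.TrueThrow(ds.Tables[0].Rows.Count == 0, "对不起,系统中没有找到您指定的用户!");
            ExceptionHelper.TrueThrow(ds.Tables[0].Rows.Count > 1, "对不起,您指定的用户在系统中不唯一!");
            ExceptionHelper.TrueThrow(ds.Tables[1].Rows.Count < 1, "对不起,系统中找的不到数据表PWD_ARITHMETIC的数据!");

            // NOTE(review): both values are converted with the first visible
            // PWD_ARITHMETIC entry, not the user's own USERS.PWD_TYPE_GUID, and the
            // UPDATE does not write PWD_TYPE_GUID. If accounts can carry a different
            // password type, the old-password comparison fails for them - confirm.
            string strPwdTypeGuid = ds.Tables[1].Rows[0][0].ToString();
            string secNewPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strNewPwd);
            string secOldPwd = SecurityCalculate.PwdCalculate(strPwdTypeGuid, strOldPwd);

            // The USER_PWD predicate makes the verification and the write atomic.
            strSql = "UPDATE USERS SET USER_PWD = "
                + TSqlBuilder.Instance.CheckQuotationMark(secNewPwd, true)
                + @" WHERE USERS.GUID = "
                + TSqlBuilder.Instance.CheckQuotationMark((string)ds.Tables[0].Rows[0]["GUID"], true)
                + @" AND USERS.USER_PWD = "
                + TSqlBuilder.Instance.CheckQuotationMark(secOldPwd, true);

            // Exactly one row must change; otherwise the old password did not match.
            ExceptionHelper.FalseThrow(database.ExecuteNonQuery(CommandType.Text, strSql) == 1, "对不起,用户的旧口令不正确!");
        }

        scope.Complete();
    }

    return true;
}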